TY - GEN
T1 - Using purpose capturing signatures to defeat computer virus mutating
AU - Jia, Xiaoqi
AU - Xiong, Xi
AU - Jing, Jiwu
AU - Liu, Peng
N1 - Copyright:
Copyright 2011 Elsevier B.V., All rights reserved.
PY - 2010
Y1 - 2010
N2 - Nowadays computer viruses are becoming more and more difficult to identify. Modern computer viruses use various mutation techniques, such as polymorphism and metamorphism, to evade detection. Previous research on mutated computer virus detection has the following limitations: 1) most approaches cannot handle advanced mutation techniques; 2) the methods based on source code analysis are less practical; 3) some methods are unable to detect computer viruses immediately. In this paper, we present a new dynamic approach to detecting and analyzing computer viruses based on virtual machine technology. We show 1) how to generate Purpose Capturing Signatures from runtime values (the execution value sequence, EVS) and control flow (the execution control sequence, ECS); and 2) how to detect and analyze computer viruses using these purpose-capturing signatures. To the best of our knowledge, this is the first method to perform computer virus detection and analysis using the EVS and ECS. Our experimental evaluation demonstrates that this approach can use one signature to detect all mutations of the corresponding virus efficiently.
AB - Nowadays computer viruses are becoming more and more difficult to identify. Modern computer viruses use various mutation techniques, such as polymorphism and metamorphism, to evade detection. Previous research on mutated computer virus detection has the following limitations: 1) most approaches cannot handle advanced mutation techniques; 2) the methods based on source code analysis are less practical; 3) some methods are unable to detect computer viruses immediately. In this paper, we present a new dynamic approach to detecting and analyzing computer viruses based on virtual machine technology. We show 1) how to generate Purpose Capturing Signatures from runtime values (the execution value sequence, EVS) and control flow (the execution control sequence, ECS); and 2) how to detect and analyze computer viruses using these purpose-capturing signatures. To the best of our knowledge, this is the first method to perform computer virus detection and analysis using the EVS and ECS. Our experimental evaluation demonstrates that this approach can use one signature to detect all mutations of the corresponding virus efficiently.
UR - http://www.scopus.com/inward/record.url?scp=78650294340&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=78650294340&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-12827-1_12
DO - 10.1007/978-3-642-12827-1_12
M3 - Conference contribution
AN - SCOPUS:78650294340
SN - 3642128262
SN - 9783642128264
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 153
EP - 171
BT - Information Security Practice and Experience - 6th International Conference, ISPEC 2010, Proceedings
T2 - 6th International Conference on Information Security Practice and Experience, ISPEC 2010
Y2 - 12 May 2010 through 13 May 2010
ER -